Cisco Unified MeetingPlace Express, Release 2.x -- How to Configure User Authentication By an External Directory

From DocWiki

Jump to: navigation, search

Main page: Cisco Unified MeetingPlace Express, Release 2.x


Note: User authentication by an external directory is only supported with Cisco Unified Communications Manager.


You can simplify user profile administration by enabling an external directory to authenticate Cisco Unified MeetingPlace Express users. Cisco Unified MeetingPlace Express automatically creates a user profile in the local database when a new user attempts to log in on the web and successfully authenticates through an external directory. User authentication by an external directory does not work if you try to log in to Cisco Unified MeetingPlace Express on the phone.

If an external user is unable to log in as a result of bad communication with the external directory, the system generates a major alarm.

Each user profile in Cisco Unified MeetingPlace Express includes an authentication method setting (local or external) that affects the following:

  • How the user is authenticated in future attempts to access Cisco Unified MeetingPlace Express.
  • Which user profile parameters may be modified by either the system administrator or the end user through Cisco Unified MeetingPlace Express.


The authentication method for a user cannot be configured through the Administration Center. The authentication method can be modified only within a user profile import file. Set the isLocalUser field to one of the following values:

  • Yes-User is authenticated locally by the Cisco Unified MeetingPlace Express database. This is the default setting for user profiles that are imported or manually created through the Administration Center.
  • No-User is authenticated by an external directory. This is the default setting for user profiles that are automatically created when new users successfully authenticate through an external directory.


Contents

Related Topics


Requirements for User Authentication by an External Directory

You must use Cisco Unified Communications Manager Release 4.0 or a later release to use an external directory to authenticate Cisco Unified MeetingPlace Express users.


Table: Supported Authentication Methods by an External Directory lists the supported authentication methods and directories.


Table: Supported Authentication Methods by an External Directory
Cisco Unified Communications Manager Release Authentication Method Supported Directories

4.x

LDAP

  • Cisco Unified Communications Manager DC-Directory
  • Any LDAP directory with the installed Cisco Customer Directory Configuration Plugin for Cisco Unified Communications Manager

5.x

AXL SOAP API

  • Cisco Unified Communications Manager user directory
  • Any LDAP directory that is synchronized with Cisco Unified Communications Manager </td>



Restrictions for User Authentication by an External Directory

The following restrictions apply for each user profile that is automatically created during authentication by an external directory, or configured as requiring external authentication during an import process:

  • The user is always authenticated through the external directory. Therefore, if the connection fails between Cisco Unified MeetingPlace Express and the external directory, the user will not be able to log in to Cisco Unified MeetingPlace Express.
  • Because the user is authenticated through the external directory, the User ID, User password, and Profile password fields cannot be modified through Cisco Unified MeetingPlace Express by the user or by the system administrator. (The Profile number field can be modified through Cisco Unified MeetingPlace Express by the system administrator.)
  • These password-expiration fields on the Usage Configuration page do not apply to users that are authenticated by an external directory: Change profile password (days) and Change user password (days).


User Profile Settings When Populated by an External Directory

The following user profile fields are populated with information from the external directory the first time that the user logs in to the Cisco Unified MeetingPlace Express system:


If any of the listed fields are not available in the external directory, the field is left blank in the Cisco Unified MeetingPlace Express user profile. All other user profile fields are populated with the values configured in the guest profile.


Note: These fields are not synchronized with the external directory. This means that they are synchronized only the first time the user logs into the system and imports the values. If the information in these fields changes in the external directory after that first login, those changes are not ported to Cisco Unified MeetingPlace Express. However, because the user is authenticated by the external directory, the original user password and profile password values copied to and stored on Cisco Unified MeetingPlace Express are irrelevant and are never used. When authenticating users, the system only looks at the user password and profile password in the external directory.


Related Topics


Configuring User Authentication by an External Directory-Cisco Unified CallManager Release 4.x

This topic describes how to configure user authentication by an external directory that is either embedded in or integrated with Cisco Unified CallManager Release 4.x.


Note: If you instead want to configure user authentication by an external directory that is either embedded in or integrated with Cisco Unified CallManager 5.x, then see the Configuring User Authentication by an External Directory-Cisco Unified Communications Manager Release 5.x and 6.x.


Before You Begin


Procedure
  1. Log in to Cisco Unified MeetingPlace Express and click Administration.
  2. Click System Configuration > Usage Configuration.
  3. Configure the following fields:
  4. For Release 2.0.3 and later only: Click Test LDAP Configuration to test that the configuration parameters work correctly.
  5. Click Save.


Related Topics


Configuring User Authentication by an External Directory-Cisco Unified Communications Manager Release 5.x and 6.x

To configure user authentication by an external directory that is either embedded in or integrated with Cisco Unified Communications Manager 5.x and 6.x, complete both of the following tasks:

  1. Configuring Cisco Unified Communications Manager to Support Authentication of Cisco Unified MeetingPlace Express Users
  2. Configuring Cisco Unified MeetingPlace Express for External User Authentication by Cisco Unified Communications Manager Release 5.x


Note: If you instead want to configure user authentication by an external directory that is either embedded in or integrated with Cisco Unified CallManager 4.x, see the Configuring User Authentication by an External Directory-Cisco Unified CallManager Release 4.x.


Configuring Cisco Unified Communications Manager to Support Authentication of Cisco Unified MeetingPlace Express Users

This topic describes how to create an application user in Cisco Unified Communications Manager Release 5.x that enables Cisco Unified MeetingPlace Express users to be authenticated by one of the following directories:

  • User directory in Cisco Unified Communications Manager 5.x
  • Any LDAP directory that is synchronized with Cisco Unified Communications Manager 5.x


For information about synchronizing Cisco Unified Communications Manager with an LDAP directory, see the system guide and administration guide for your specific release of Cisco Unified Communications Manager.


Before You Begin


Procedure
  1. Go to http://ccm-server/ccmadmin/main.asp, where ccm-server is the fully qualified domain name or IP address of the Cisco Unified Communications Manager server.
  2. Log in with your Cisco Unified Communications Manager administrator username and password.
  3. Create a Cisco Unified MeetingPlace Express LDAP application user by following these steps:
    1. Select User Management from the main menu.
    2. Select Application User from the drop-down list.
    3. Enter a username for the new application user, such as mpeaxl, and assign a password.
    Associate the new application user to the user group that has permission to access the Cisco Unified Communications Manager AXL database, by configuring the following:
    Note: Depending on your system configuration, you may not need to create a role in Step 4 or create a user group in step Step 5. Roles and groups only need to be created once and often they already exist. If they do exist, skip these steps.
  4. Create a role for AXL users by following these steps:
    1. Select User Management from the main menu.
    2. Select Role from the drop-down list.
    3. In the Name field, enter "Standard AXL API Access."
    4. Under Resource Access Information, next to AXL Database API, make sure that the check box next to Allow to use API is checked. This allows AXL database access.
  5. Create a user group by following these steps:
    1. Select User Management from the main menu.
    2. Select User Group from the drop-down list.
    3. In the Name field, enter "Standard AXL Users."
    4. Click Save to create the group.
  6. Add application users to the group by following these steps:
    1. Select User Management from the main menu.
    2. Select User Group from the drop-down list.
    3. Click Add Application Users to Group.
    4. Check the check box next to the name of the application user you created in Step 3c.
    5. Click Add Selected.
    6. Click Save.
  7. Assign a role to the user group by following these steps:
    1. Select User Management from the main menu.
    2. Select User Group from the drop-down list.
    3. Click the Role Information icon next to the Standard AXL API Users created in step 4b.
    4. Click Assign Role to Group.
    5. Select Standard AXL API Access and then click Add Selected.
    6. Click Save.


Related Topics


Configuring Cisco Unified MeetingPlace Express for External User Authentication by Cisco Unified Communications Manager Release 5.x

This topic describes how to configure Cisco Unified MeetingPlace Express to authenticate users through one of the following directories:

  • User directory in Cisco Unified Communications Manager Release 5.x
  • Any LDAP directory that is synchronized with Cisco Unified Communications Manager Release 5.x


For information about synchronizing Cisco Unified Communications Manager with an LDAP directory, see the system guide and administration guide for your specific release of Cisco Unified Communications Manager.


Before You Begin


Procedure
  1. Log in to Cisco Unified MeetingPlace Express and click Administration.
  2. Click System Configuration > Usage Configuration.
  3. Configure the following fields:
  4. In the New AXL URL field:
    1. Enter the URL or hostname of the AXL directory server.
    2. Click Add.
  5. Verify that the URL or hostname correctly appears in the AXL URL field.
  6. For Release 2.0.3 and later only: Click Test AXL Configuration to test that the configuration parameters work correctly.
  7. Click Save.
  8. Proceed to Configuring Cisco Unified Communications Manager to Support Authentication of Cisco Unified MeetingPlace Express Users.
Related Topics

Rating: 0.0/5 (0 votes cast)

Personal tools